Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Disk crash and disk partitioning - questions and suggestion

    General pfSense Questions
    3
    5
    1878
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kaarposoft last edited by

      Dear all,

      I have installed pfSense (2010.02.17-2217) on a Soekris net5501.
      This is an embedded device; I do not cleanly "shutdown" by software/ACPI, but just kill power to shut it off.
      After 5 or 10 power-off/power-on cycles, the box fails to boot since the file system has become corrupted.
      Although FreeBSD seems to be able to "restore" the file system, most files on the boot partition are missing.

      Obviously /tmp and /var are file systems pfSense should write to during normal operation, and if they are corrupt, pfSense should be able to boot anyway.
      And /cf is written to as well when using the GUI; if it is corrupt it should be possible to upload a backup config using the GUI.
      However, it seems that pfSense writes to several files which are by default on the root file system, such as:

      • /etc/dnscache/

      • /usr/local/arpwatch

      • /usr/local/lib/php.ini

      • /usr/local/etc

      This leads me to two questions and a suggestion.

      Question 1:
      Is it advisable to keep the default partitioning suggested by pfSense, or would it be better to partition the FreeBSD slice differently?

      Question 2:
      Is there any (FreeBSD) filesystem tunable parameters that should be tweaked to make the pfSense box more resilent to disk corruption?

      Suggestion:
      I would suggest to modify pfSense and packages so that they only write in /tmp and /var, plus /cf (and possibly /etc) for the GUI.
      Then /tmp, /var, /cf, and /etc could be put on (separate) writeable partitions, and / (and possibly a separate /usr and /root) could be mounted read-only.

      /Henrik

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob last edited by

        Suggestion: Use the nanobsd builds which are intended for use in environments where writing to the hard disk is to be minimised. In particular, the nanobsd builds take pains to have all the filesystems mounted readonly with writes enabled only when necessary.

        1 Reply Last reply Reply Quote 0
        • K
          kaarposoft last edited by

          Hi wallabybob,

          I have been wondering about NanoBSD…
          However, I have no CF card and no CF card writer.
          And since I have a SSD harddisk, I certainly don't want to purchase an extra CF.

          That being said, no suggestion should go untried, so I have tried to dd the pfSense nanoBSD image to my SSD.

          I shall revert with my experiences....

          /Henrik

          1 Reply Last reply Reply Quote 0
          • E
            EddieA last edited by

            @kaarposoft:

            However, I have no CF card and no CF card writer.
            And since I have a SSD harddisk

            When the nano image is restored to a CF card, it looks just like a "normal" disk, to the OS, so restoring it to your SSD shouldn't cause any issues.

            Cheers.

            1 Reply Last reply Reply Quote 0
            • K
              kaarposoft last edited by

              As I said, no suggestion should go untried, so I dd'ed the pfSense nanoBSD image to my SSD.
              And basically it works fine!

              However, even if the / filesystem is mounted read-only (RO), it seems to be mounted read-write (RW) every now and then.
              I notice a lot of calls to conf_mount_rw() in /usr/local/www

              I guess this works nice with a CF card: In general RO, but when needed RW.
              But the root filesystem is thus not truly RO.

              So in "my" case it does not work as needed…

              I might play around a bit and try to mount /etc from a different partion etc...

              1 Reply Last reply Reply Quote 0
              • First post
                Last post